Many small-business owners fall below what some people call the “security poverty line.” Bootstrapping entrepreneurs can be especially vulnerable to hackers because they don’t have the money or personnel to buy, install and maintain the fancy security products large companies take for granted.
On the hunt for easy pickings, hackers are attacking these security-poor businesses, typically with indiscriminate, automated assaults that could be stopped by basic security tools and computer hygiene. Seven in 10 of the cyber break-ins analyzed in Verizon’s 2012 Data Breach Investigations Report occurred at organizations with 100 employees or fewer.
The good news is that it can be surprisingly easy and inexpensive to mount a quality defense on a budget. We spoke with Grady Summers, a vice president at Mandiant Corp., an Alexandria, Va.-based information-security firm, and former chief information security officer at General Electric Co., to assemble a list of easy-to-use, free tools that any company — including those without a technology staff — can use to create a comprehensive security program to protect its network, computers and data.
While no security program is perfect, applying these free tools can defend against the most common attacks. “A small business with a part-time IT person could probably do this in a day,” Summers says.
Defend your network.
Most of the threats to company networks come over the Web, Summers says. He recommends using filtering software to block dangerous websites, including “phishing” sites designed to trick unwitting employees into falling for a scam or to infect their computers with malware.
San Francisco-based OpenDNS offers a free, cloud-based Web filtering product that can protect a single PC or mobile device, or an entire network, from known phishing sites. OpenDNS’s paid services offer more security features and the ability to block porn and other sites companies may not want people to access while in the office.
To find any weak spots on your network, run a scan. Lumension Security of Scottsdale, Ariz., offers a free vulnerability scanner for checking networks of 25 or fewer computers. It can identify software vulnerabilities and misconfigurations that could put you at risk.
Also, scan your website for security vulnerabilities. Hackers often break into customer databases by attacking company websites, or they compromise sites to plant malware that will infect visitors. Qualys, a Redwood Shores, Calif., security company, offers FreeScan, a free tool for detecting security vulnerabilities in Web applications and finding malware infections and threats in websites. Users are limited to five free scans.
If you have a capable in-house technology staff, you also may want to consider using Security Onion, a compilation of free tools for intrusion detection and network monitoring.
Secure your computers.
Protecting computers on your network starts with firewalls and antivirus software. Free basic firewalls now come with Windows and Mac computers, so make sure they’re turned on. Antivirus protection will require a download.
Among the most popular free antivirus programs is one from AVG. Another is Microsoft’s free basic security product Microsoft Security Essentials. It’s made for consumers and businesses with 10 PCs or fewer. And firewall giant Check Point Software of Redwood City, Calif., has a free security suite that includes antivirus and a ZoneAlarm firewall that monitors traffic leaving your computer, as well as standard inbound traffic. In addition, U.K.-based Sophos offers free antivirus software for Macs.
Eliminate security vulnerabilities by applying the free fixes software makers regularly issue. To make that easy, use automatic update features for Microsoft, Apple, Adobe and other products you use. Windows users can make sure all their programs are current by using the free tool FileHippo.
Protect your data.
Full disk encryption software can make company and customer data on your devices unreadable to unauthorized people. Free open-source software TrueCrypt is available for Windows, Mac and Linux machines and can be used to secure data on thumb drives and other storage devices. For Mac, Apple offers free full disk encryption dubbed FileVault 2 to users with the Lion operating system.
If you have particularly sensitive information, Summers recommends creating a special encrypted area for that data with its own password. You can create this sort of encrypted “volume” with TrueCrypt and a similar Apple feature.
Also back up the data on your computers in case of loss, theft or damage. With Mozy, you can back up two gigabytes of data for free, stored offsite and encrypted in Mozy’s data centers.